CVE-2023-40333

7.1 HIGH

📋 TL;DR

This is a reflected cross-site scripting (XSS) flaw in the Bridge Core WordPress plugin. An unauthenticated attacker builds a URL that carries a JavaScript payload in a parameter the plugin echoes back without proper escaping; when a victim opens that URL, the script runs in the victim's browser within the site's origin and can act with whatever privileges the victim holds there. Nothing is stored on the server, so each victim has to be lured into opening the link (phishing e-mail, forum post, shortened URL). All WordPress sites running Bridge Core version 3.0.9 or earlier are affected.

💻 Affected Systems

Products:
  • Qode Interactive Bridge Core WordPress Plugin
Versions: <= 3.0.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: WordPress sites with the Bridge Core plugin installed and active are vulnerable. No special configuration required.

📦 What is this software?

Bridge Core is Qode Interactive's companion plugin for its Bridge WordPress theme; it provides the theme's page elements and shortcodes and is normally installed during theme setup rather than from the wordpress.org plugin directory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A logged-in site administrator opens the crafted link. WordPress sets its authentication cookies with the HttpOnly flag, so the realistic danger is not cookie theft but that the script runs in the admin's origin: it can fetch pages, read the CSRF nonces they contain, and submit admin actions (create an administrator account, install or edit a plugin, change site settings). That is full site takeover, defacement, or redirection of every visitor to a malicious site.

🟠 Likely Case

Ordinary users or editors open the link. The script phishes their credentials with a fake login form, performs actions in their session, or injects content into the page they see.

🟢 If Mitigated

With the parameter properly escaped on output (and, as defence in depth, validated on input), the payload is rendered as inert text and never executes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting a URL with a JavaScript payload in the affected parameter and getting a victim to open it; no authentication is needed on the attacker's side. The impact depends on who opens the link, which is why the realistic targets are administrators and editors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.0

Advisory (Patchstack): https://patchstack.com/database/vulnerability/bridge-core/wordpress-bridge-core-plugin-3-0-9-reflected-cross-site-scripting-xss-vulnerability

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Bridge Core' plugin.
4. Click 'Update Now' if an update is offered.
5. If no update is offered, Bridge Core is normally distributed with the Bridge theme rather than through the wordpress.org repository: obtain version 3.1.0 or later through the theme's own update mechanism (or the vendor's download) and install it manually.

🔧 Temporary Workarounds

Disable Bridge Core Plugin (all platforms)

Temporarily deactivate the vulnerable plugin until patching is possible. Bridge Core is the companion plugin to the Bridge theme, so theme elements and shortcodes that depend on it stop rendering while it is off; test on staging first.

wp plugin deactivate bridge-core

Web Application Firewall (WAF) Rules (all platforms)

Configure the WAF to block common XSS markers in query strings (<script, javascript:, on*= event handlers, including their URL-encoded forms such as %3Cscript). Treat this as a stopgap only: reflected-XSS signature filters are routinely bypassed with alternative encodings and tag variants, so it does not replace the patch.

🧯 If You Can't Patch

  • Deploy a Content Security Policy that restricts script execution. To stop reflected XSS the policy must not allow 'unsafe-inline' in script-src, which breaks WordPress admin and most themes and plugins unless nonces or hashes are rolled out; start with Content-Security-Policy-Report-Only and review the reports before enforcing.
  • Use a web application firewall to filter requests carrying script markers, accepting that it reduces rather than eliminates exposure.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for Bridge Core version <= 3.0.9

Check Version:

wp plugin get bridge-core --field=version

Verify Fix Applied:

Verify Bridge Core plugin version is 3.1.0 or higher in WordPress admin
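The version check above, as an added example rather than code from the advisory or from Qode Interactive. It parses the standard `Version:` header of a WordPress plugin main file and compares numerically, which avoids the string-comparison trap where "3.0.10" sorts before "3.0.9". The path `wp-content/plugins/bridge-core/bridge-core.php` is an assumption; the version string printed by `wp plugin get bridge-core --field=version` can be passed to `is_vulnerable()` instead.

```python
"""Decide whether an installed Bridge Core version is below the patched release.

Added example; not code from the advisory or from Qode Interactive. The plugin
main-file path is assumed. The 'Version:' header format is the standard one
WordPress itself reads with get_file_data().
"""
import os
import re

FIXED_VERSION = (3, 1, 0)  # advisory: <= 3.0.9 affected, 3.1.0 is the patch release
PLUGIN_MAIN_FILE = "wp-content/plugins/bridge-core/bridge-core.php"  # assumed path

# Same header shape WordPress core's get_file_data() accepts, restricted to Version.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:(.*)$", re.MULTILINE | re.IGNORECASE)

# Constructed sample of a plugin main-file header (not the real file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Bridge Core
 * Version: 3.0.9
 * Author: Qode Interactive
 */
"""


def parse_version(version):
    """'3.0.9' -> (3, 0, 9). Tuples compare numerically where strings do not
    ('3.0.10' < '3.0.9' is True as strings, False as tuples). Non-numeric
    suffixes such as '-beta' are dropped; missing components count as 0."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def version_from_header(text):
    """Extract the Version header from plugin main-file text, or None if absent."""
    m = HEADER_RE.search(text)
    return m.group(1).strip() if m else None


def is_vulnerable(version):
    """True for any version below the patch release (covers the listed <= 3.0.9)."""
    return parse_version(version) < FIXED_VERSION


def check_plugin_file(path=PLUGIN_MAIN_FILE):
    """Read the plugin header from disk and report installed/version/vulnerable."""
    if not os.path.isfile(path):
        return {"installed": False, "version": None, "vulnerable": None}
    with open(path, encoding="utf-8", errors="replace") as fh:
        version = version_from_header(fh.read(8192))  # header sits at the top of the file
    return {
        "installed": True,
        "version": version,
        "vulnerable": is_vulnerable(version) if version else None,
    }


if __name__ == "__main__":
    print("on disk:", check_plugin_file())
    sample = version_from_header(SAMPLE_HEADER)
    print("sample header:", sample, "vulnerable" if is_vulnerable(sample) else "patched")
```

Run it from the WordPress document root; a `vulnerable: None` result with `installed: True` means the header could not be parsed and the version should be checked by hand.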

📡 Detection & Monitoring

Log Indicators:

  • GET requests whose query parameters contain script markers (<script, javascript:, onerror=, onload=), usually URL-encoded in the access log (%3Cscript, javascript%3A, onerror%3D) and sometimes double-encoded (%253C)
  • Because the XSS is reflected, the request in the log comes from the victim's IP address, not the attacker's; the Referer header often points at the page or message that carried the link
  • Unusual GET requests to Bridge Core plugin endpoints, bearing in mind that the affected parameter is not identified on this page and may be reflected on ordinary page URLs

Network Indicators:

  • URLs containing script tags or JavaScript code targeting the plugin, seen in e-mail, chat or proxy logs before any victim clicks them

SIEM Query:

source="web_server" AND (uri="*<script*" OR uri="*%3Cscript*" OR uri="*javascript:*" OR uri="*javascript%3A*" OR uri="*onerror=*" OR uri="*onerror%3D*")

The query is deliberately not restricted to uri="*bridge-core*" or uri="*qode*": that would match every asset load under the plugin directory and miss reflected parameters on normal page URLs. Payloads travel in the URI, not the User-Agent, so matching user_agent="*<script>*" is not useful for this vulnerability.
